[JET] Fortress

So like many people that have posted here I have used dig in every configuration that I can think of and have still had no luck. If someone could provide a helping hand it would be most appreciated. Please PM me.

Hi :slight_smile: I am stuck on “more secrets” edit … is ok

Hi, any help for elasticity ? (The last flag to finish the lab for me)

@christrc said:
Hi, any help for elasticity ? (The last flag to finish the lab for me)

I think my post 3 posts above yours might give you a hint.
In return, you could perhaps give me a hint on how to get over my issue? :wink:

ok I think I am nearly there with overflow however I am unable to get my code working.
I still for the life of me can’t get a reverse shell onto jet, tried netcat, socat and whichever.

for overflow, I am running using burp with socat however, failing.

@FlatMarsSociet I’m at the same point :pensive: :slight_smile:

so it took me over 2 days to get my head around buffer overflows and with help from @FlatMarsSociet and @EvilT0r13
I have had good success with other parts however, I am now stuck with following three

Elasticity
Member Manager
Memo - I have a rough idea of what that is

unable to get a reverse shell from web … any nudges pls ?

which part Command ? PM

@B3ard3d said:

So like many people that have posted here I have used dig in every configuration that I can think of and have still had no luck. If someone could provide a helping hand it would be most appreciated. Please PM me.

I got stuck in overflown, I have the file l***. Any nudges please

@nitinrkz said:

unable to get a reverse shell from web … any nudges pls ?

Nobody says you’re supposed to get a revshell

@FlatMarsSociet said:

@nitinrkz said:

unable to get a reverse shell from web … any nudges pls ?

Nobody says you’re supposed to get a revshell

Huh?

roo@kali:~/hack_the_box/machines$ nc -nvlp 8081
listening on [any] 8081 …
connect to [10.13.14.11] from (UNKNOWN) [10.13.37.10] 36820
bash: cannot set terminal process group (1304): Inappropriate ioctl for device
bash: no job control in this shell
www-data@jet:~/REDACTED$

@FlatMarsSociet said:

@nitinrkz said:

unable to get a reverse shell from web … any nudges pls ?

Nobody says you’re supposed to get a revshell

hey I actually managed to get one :wink: had to do some tricks but finally :smiley:

Apart from that, any tutorials I can use for overflows?

could anyone provide a nudge on the Command? I identified an interesting function in SC but I haven’t had any luck exploiting it. Thanks in advance.

@roowashere said:

@FlatMarsSociet said:

@nitinrkz said:

unable to get a reverse shell from web … any nudges pls ?

Nobody says you’re supposed to get a revshell

Huh?

roo@kali:~/hack_the_box/machines$ nc -nvlp 8081
listening on [any] 8081 …
connect to [10.13.14.11] from (UNKNOWN) [10.13.37.10] 36820
bash: cannot set terminal process group (1304): Inappropriate ioctl for device
bash: no job control in this shell
www-data@jet:~/REDACTED$

It’s not because you can, that you really need to.
Sometimes people get stuck looking for a way to get a revshell, while everything they need is right in front of them

@FlatMarsSociet said:

@roowashere said:

@FlatMarsSociet said:

@nitinrkz said:

unable to get a reverse shell from web … any nudges pls ?

Nobody says you’re supposed to get a revshell

Huh?

roo@kali:~/hack_the_box/machines$ nc -nvlp 8081
listening on [any] 8081 …
connect to [10.13.14.11] from (UNKNOWN) [10.13.37.10] 36820
bash: cannot set terminal process group (1304): Inappropriate ioctl for device
bash: no job control in this shell
www-data@jet:~/REDACTED$

It’s not because you can, that you really need to.
Sometimes people get stuck looking for a way to get a revshell, while everything they need is right in front of them

That’s fair. In this case, a revshell provided no more towards the objective than was already available. A ‘distraction’, as you say.

Thanks for the timely reminder.

Got some JSON output for elasticity but not sure if the content is supposed to serve as a hint. Stuck on elasticity like most people on the forum apparently…

Can anyone point me in the right direction?

I feel like I’m digging in circles. Anyone able to nudge me in the right direction?

NVM: was being dumb. Now fun with bypass…

@jiggle said:
I feel like I’m digging in circles. Anyone able to nudge me in the right direction?

I’m pretty sure you’ll find the direction you’re supposed to dig in these 8 pages.

Based on an IP, what information could you dig up?
Usually you do the reverse